Least Privilege Eases Whitelisting Requirements

by Derek Melber

I find that many companies think that whitelisting can be an amazing security technology for their enterprise. I agree with them… to a point. Where I disagree is in the overall approach to deploying the whitelisting solution, as I find that many organizations want whitelisting to be more than it is. I don’t know of anyone that has been talking about least privilege more than I have over the past 10 years, but I put most of my eggs in the least privilege basket, rather than the whitelisting basket. The reasons are very compelling and I believe that by the end of this article, you will be converted to thinking the way that I do on the subject! The overall goal, of course, is to reduce your security risks while reducing cost and effort to achieve this goal.